[return to "NFS: The Early Years"]
1. hsbaua+Hv 2022-06-21 02:59:17
>>chmayn+(OP)
I’ve never really understood how permissions are supposed to work with NFS - are user IDs supposed to be consistent across systems?

Is there a sane, easy way to implement authentication? Last time I tried, iirc, my options were LDAP or nil.

2. chasil+lw 2022-06-21 03:07:11
>>hsbaua+Hv
Under NFSv2 and NFSv3, the numeric user and group id is used to determine permission, and these must be aligned between the client and server. I have an oracle uid 60 on an older system that maps as elcaro on an NFS client (because I have a different oracle user there as uid 54321).

Under NFSv4, direct uid/gid is no longer used, but the rpc.idmapd process determines privilege. I'm not really sure how it works beyond continuing to work when uid/gid synchronization is in place for NFSv3 and the connection is upgraded.

There is also an NFS ACL standard, but I don't know anything about it.
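
Added example, not part of the thread: a small audit that compares a server's and a client's passwd data to show where NFSv2/v3 numeric-ID matching would attribute files to the wrong account. The passwd contents are constructed (the `oracle`/`elcaro` UIDs follow the comment above; `backup` and `alice` are hypothetical), as are the function names.

```python
# Constructed passwd(5) samples; oracle/elcaro UIDs follow the comment above,
# the backup and alice accounts are hypothetical.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
oracle:x:60:60::/home/oracle:/bin/bash
backup:x:1001:1001::/home/backup:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
elcaro:x:60:60::/home/elcaro:/bin/bash
oracle:x:54321:54321::/home/oracle:/bin/bash
backup:x:1002:1002::/home/backup:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid}, skipping comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 4 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def audit(server, client):
    """List (kind, server_name, server_uid, client_side) findings.

    uid_mismatch: same name, different uid; client_side is the client's uid.
    uid_collision: server uid belongs to another client account; client_side
    is that account's name, which is the identity the server's files appear as.
    """
    names_by_uid = {}
    for name, uid in client.items():
        names_by_uid.setdefault(uid, []).append(name)
    findings = []
    for name, uid in sorted(server.items()):
        if name in client and client[name] != uid:
            findings.append(("uid_mismatch", name, uid, client[name]))
        for other in names_by_uid.get(uid, []):
            if other != name:
                findings.append(("uid_collision", name, uid, other))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)):
        print(*finding)
```

A `uid_collision` is the case worth fixing first: the client account named in the last column gets the server account's file permissions on a numeric-ID mount.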

3. zaarn+271 2022-06-21 08:30:58
>>chasil+lw
The NFSv4 ACL standard is tangentially related to NFS. The TL;DR is that it replicates the kind of ACLs you can create under Windows (i.e., separate "Write to File" and "Append to File" into different permission bits, make inheritance configurable, etc.).

The TrueNAS people (iXsystems) have a patch to bring it to Linux and ZFS, though from what I've heard upstream LKML lists aren't too enthused since they'd rather see this being used by an in-kernel filesystem.

4. trasz+j81 2022-06-21 08:43:34
>>zaarn+271
The ZFS support has been there since the beginning (and is used in Solaris and FreeBSD); Linux glue code is missing though.